
Prevent SQL injection by identifiers#129

Merged
barbosa89 merged 35 commits into main from hotfix/security-improvements on May 13, 2026

Conversation

@barbosa89
Contributor

No description provided.

barbosa89 and others added 30 commits April 29, 2026 15:29
Co-authored-by: Copilot <copilot@github.com>
- Refactored ClauseBuilder to improve handling of where clauses and arguments.
- Updated BuildsQuery trait to utilize AST for managing query properties.
- Modified HasJoinClause and HasLock traits to store join and lock information in the AST.
- Improved HasWhereClause and HasWhereDateClause to push where clauses directly to the AST.
- Adjusted QueryBase to reset properties and manage AST effectively.
- Updated QueryGenerator to ensure driver and action are set in the AST.
- Enhanced tests to verify correct parameter handling and AST synchronization.
- Added normalization for placeholders in Postgres dialect.
- Implemented new tests to validate the integrity of query parameters across various scenarios.

Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: Copilot <copilot@github.com>
- Updated ClauseCompiler interface to separate AST setting and compilation methods.
- Modified all compiler classes (Insert, Update, Delete, Select, Exists, etc.) to utilize the new AST handling.
- Removed redundant QueryAst parameters from compile methods.
- Ensured that all compilers now access the QueryAst through a protected method.
- Added tests to verify that compiler state does not leak between compilations.
- Replaced instances of Funct::count, Funct::sum, Funct::avg, and other aggregate functions with their corresponding global functions (count_of, sum, avg) across various test files.
- Updated test cases in GroupByStatementTest, HavingClauseTest, SelectColumnsTest, and WhereClausesTest for PostgreSQL, SQLite, and other drivers to reflect the new function usage.
- Ensured consistency in the use of function names and improved readability of the test cases.
- Introduced a new SqlData class to encapsulate SQL strings and parameters.
- Updated InsertCompiler, JoinCompiler, SelectCompiler, UpdateCompiler, and WhereCompiler to return SqlData instead of CompiledClause.
- Refactored compile methods to handle parameter collection more efficiently.
- Adjusted the handling of placeholders in SQL strings across various compilers.
- Ensured that the new structure maintains compatibility with existing query generation logic.
- Updated tests to verify correct parameter ordering and SQL generation for subqueries and joins.

@barbosa89 barbosa89 merged commit 64c40e3 into main May 13, 2026
3 checks passed
@barbosa89 barbosa89 deleted the hotfix/security-improvements branch May 13, 2026 14:16
